https://wiki.zimbra.com/api.php?action=feedcontributions&user=Tfournet&feedformat=atomZimbra :: Tech Center - User contributions [en]2024-03-28T10:49:20ZUser contributionsMediaWiki 1.39.0https://wiki.zimbra.com/index.php?title=Bulk_Provisioning&diff=12590Bulk Provisioning2009-02-02T18:18:37Z<p>Tfournet: /* Aliases File to Zmprov */</p>
<hr />
<div>[[Category:Migration]]<br />
<br />
= Zmprov Command Files =<br />
<br />
The [[Zmprov]] command will accept commands from a file (or stdin) as input. Create a text file ("commands.zmp" for example) with the zmprov subcommands each on a line.<br />
<br />
createDomain domain.com<br />
createAccount andy@domain.com password displayName 'Andy Anderson' givenName Andy sn Anderson<br />
createAccount betty@domain.com password displayName 'Betty Brown' givenName Betty sn Brown<br />
<br />
Then send the contents of the file to zmprov.<br />
<br />
As Zimbra:<br />
zmprov < commands.zmp<br />
<br />
As Root:<br />
cat commands.zmp | su - zimbra -c zmprov<br />
<br />
<br />
Below are some ways to create a command file from your existing account data.<br />
<br />
= Create Accounts =<br />
<br />
== Passwd File to Zmprov ==<br />
<br />
Following is a perl script to take a passwd file and turn it into a zmprov command file for account provisioning.<br />
<br />
<pre><br />
#!/usr/bin/perl<br />
#<br />
# $Id: passwd2zmprov,v 1.2 2008/03/05 05:01:29 phil Exp $<br />
<br />
=head1 NAME<br />
<br />
passwd2zmprov - create zmprov commands from a passwd file<br />
<br />
=head1 SYNOPSIS<br />
<br />
usage: passwd2zmprov [options] [[passwd_file] ...] > commands.zmp<br />
-help show a brief help message<br />
-man show the full documentation<br />
<br />
-domain <domain> [REQUIRED]<br />
-cosid <cos_id> [default "Default COS"]<br />
-password <password> [default ""]<br />
<br />
Getting a COS id:<br />
zimbra$ zmprov gc <myCos> | grep ^zimbraId:<br />
<br />
Example converting CSV to zmprov commands:<br />
$ ./passwd2zmprov -domain example.moc /etc/passwd > commands.zmp<br />
<br />
Example provisioning ZCS accounts as 'zimbra' user:<br />
zimbra$ zmprov < commands.zmp<br />
<br />
=head1 DESCRIPTION:<br />
<br />
Tool to create commands suitable for zmprov from a UNIX passwd file.<br />
We don't use getpwent etc., because we are likely working on a copy<br />
and not running as root.<br />
<br />
See Also:<br />
http://wiki.zimbra.com/index.php?title=Bulk_Create<br />
<br />
=cut<br />
<br />
use strict;<br />
use warnings;<br />
use File::Basename qw(basename);<br />
use Getopt::Long qw(GetOptions);<br />
use Pod::Usage qw(pod2usage);<br />
<br />
my $prog = basename($0);<br />
my ( @err, %option );<br />
<br />
GetOptions( \%option, 'help|?', 'man', 'domain=s', 'cosid=s', 'password=s' )<br />
or pod2usage( -verbose => 0 );<br />
<br />
pod2usage( -verbose => 1 ) if ( $option{help} );<br />
pod2usage( -verbose => 2 ) if ( $option{man} );<br />
<br />
push( @err, "-domain <domain> is required" )<br />
unless ( $option{domain} );<br />
<br />
pod2usage( -verbose => 0, -message => map( "$prog: $_\n", @err ) )<br />
if (@err);<br />
<br />
warn("$prog: using Default COS\n") unless ( $option{cos_id} );<br />
warn("$prog: reading passwd like entries from STDIN\n") unless (@ARGV);<br />
<br />
my $date = localtime();<br />
my $cosid = $option{cosid};<br />
my $domain = $option{domain};<br />
my $password = defined $option{password} ? $option{password} : "";<br />
my $MIN_UID = 500; # skip system accounts like httpd<br />
my $MAX_UID = 60000; # skip other system accounts like nfsnobody<br />
<br />
# sanitize password<br />
$password =~ s/\"/\\\"/g;<br />
<br />
while (<>) {<br />
chomp;<br />
next if (/^\s*$/); # skip empty lines<br />
<br />
my ( $uname, $x, $uid, $gid, $gecos, $dir, $shell ) = split( /:/, $_, 7 );<br />
<br />
if ( $uid < $MIN_UID or $uid > $MAX_UID ) {<br />
warn("$prog: skip $uname: $uid not between $MIN_UID and $MAX_UID\n");<br />
next;<br />
}<br />
<br />
# assuming gecos format is First [[MI] [Last]], sanitize a little<br />
$gecos =~ s/\"/\\\"/g;<br />
<br />
my ( $fullname, $description ) = split( /\s*,\s*/, $gecos, 2 );<br />
my ( $fname, $mname, $lname ) = split( " ", $fullname, 3 );<br />
unless ( defined($lname) ) {<br />
$lname = $mname;<br />
undef($mname);<br />
}<br />
my $displayname = $fname<br />
. ( defined($mname) ? " $mname" : "" )<br />
. ( defined($lname) ? " $lname" : "" );<br />
<br />
print(<br />
qq{ca "$uname\@$domain" "$password"},<br />
( defined($cosid) ? qq{ zimbraCOSid "$cosid"} : () ),<br />
( defined($fname) ? qq{ givenName "$fname"} : () ),<br />
( defined($lname) ? qq{ sn "$lname"} : () ),<br />
( defined($uname) ? qq{ cn "$uname"} : () ),<br />
( defined($displayname) ? qq{ displayName "$displayname"} : () ),<br />
( defined($description) ? qq{ description "$description"} : () ),<br />
qq{ zimbraNotes "Migrated $date"},<br />
qq{ zimbraPasswordMustChange TRUE},<br />
qq{\n},<br />
);<br />
}<br />
<br />
=head1 HISTORY<br />
<br />
2007/01/23, Version 1.0/1.1 Dlbewley<br />
2008/03/04, Version 1.2 Plobbes<br />
<br />
=cut<br />
</pre><br />
<br />
To execute: <br />
<br />
perl passwd2zmprov -domain example.moc < passwd > mydata.zmp<br />
<br />
== CSV File to Zmprov ==<br />
<br />
Following is a simple perl script to take a CSV file and turn it into the correct zmprov commands<br />
<br />
#!/usr/bin/perl<br />
<br />
# Lookup the valid COS (Class of Service) ID in the interface or like this<br />
my $cosid = `su - zimbra -c 'zmprov gc Default |grep zimbraId:'`;<br />
$cosid =~ s/zimbraId:\s*|\s*$//g;<br />
<br />
while (<>) {<br />
chomp;<br />
<br />
# CHANGE ME: To the actual fields you use in your CSV file<br />
my ($email, $password, $first, $last) = split(/\,/, $_, 4);<br />
<br />
my ($uid, $domain) = split(/@/, $email, 2);<br />
<br />
print qq{ca $uid\@$domain $password\n};<br />
print qq{ma $uid\@$domain zimbraCOSid "$cosid"\n};<br />
print qq{ma $uid\@$domain givenName "$first"\n};<br />
print qq{ma $uid\@$domain sn "$last"\n};<br />
print qq{ma $uid\@$domain cn "$uid"\n};<br />
print qq{ma $uid\@$domain displayName "$first $last"\n};<br />
print qq{ma $uid\@$domain zimbraPasswordMustChange TRUE\n};<br />
print qq{\n};<br />
}<br />
<br />
The above is only a starting place, you will need to change other options (eg: the zimbraPasswordMustChange is an example only) and of course how you create and split the input data.<br />
<br />
Also, some CSV files may contain quotes you want to remove.<br />
<br />
== MacOSX Server mail users ==<br />
<br />
This script will remotely login to your existing MacOSX mail server and retrieve the users from /var/spool/imap/user. You will need an sudo/ssh account on boxes, don't forget to configure the variables at the top of the script<br />
<br />
<pre><br />
#!/usr/bin/perl<br />
#This file is going to provision all the users for your new Zimbra Mail Server from MacOSX<br />
#Written by Jordan Eunson - jordan@spidernetworks.ca<br />
<br />
#Enter the top level domain for your email<br />
$domain = "foo.bar.com";<br />
#Enter the a sudo/SSH username for your existing mail server<br />
$username1 = "username";<br />
#Enter the IP/FQDN for your existing mail server<br />
$hostname1 = "macosx.foo.bar.com";<br />
#Enter the a sudo/SSH username for your new Zimbra server<br />
$username2 = "username";<br />
#Enter the IP/FQDN for your Zimbra server<br />
$hostname2 = "zimbra.foo.bar.com";<br />
<br />
#DO NOT MODIFY BELOW THIS LINE<br />
use warnings;<br />
use Tie::File;<br />
<br />
system `clear`;<br />
<br />
print "This script is now going to connect to your existing mail server\n";<br />
print "It will ask you for your sudo password twice\n";<br />
print "If this step fails your probably have not configure the vars in this script\n";<br />
<br />
system `ssh $username1\@$hostname1 sudo ls /var/spool/imap/user > userlist.txt`;<br />
system `cp userlist.txt imapuserlist.txt`;<br />
<br />
print "users retrieved:\n";<br />
open FILE, "userlist.txt" or die $!;<br />
while (<FILE>) { print $_; }<br />
close (FILE); <br />
<br />
confirmation:<br />
<br />
print "Are these all your users?[Y/N]";<br />
$answer = <>;<br />
<br />
if ($answer =~ m/Y/ )<br />
{<br />
modtextfile();<br />
}<br />
<br />
elsif ( $answer =~ m/N/ ) <br />
{<br />
die;<br />
}<br />
else <br />
{ <br />
print "you must answer Yes or No!\n";<br />
goto confirmation; <br />
}<br />
<br />
print "\n";<br />
print "We are now ready to provision the users into your new Zimbra Server\n";<br />
print "You will now be prompted thrice for your sudo password for your new Zimbra Server\n";<br />
provusers();<br />
<br />
print "provisioning complete\n";<br />
exit;<br />
<br />
<br />
sub modtextfile() {<br />
tie my @file, "Tie::File", "userlist.txt";<br />
foreach my $line (@file)<br />
{ <br />
$line = "ca " . $line . "@" . $domain . ' ""';<br />
}<br />
}<br />
<br />
sub provusers() {<br />
system `ssh $username2\@$hostname2 sudo cd; ssh $username2\@$hostname2 sudo /opt/zimbra/bin/zmprov < userlist.txt > useroutput.txt`;<br />
}<br />
<br />
</pre><br />
<br />
== LDAP Users to Zimbra Accounts ==<br />
<br />
This script will generate zimbra accounts based on users found in your LDAP server. WARNING: EXISTING ACCOUNTS WILL BE DELETED FROM ZIMBRA, so use with care!<br />
<br />
<pre><br />
<br />
#!/usr/bin/perl<br />
<br />
=pod<br />
=head1 NAME<br />
<br />
ldap2zm - create zimbra accounts for LDAP users<br />
<br />
=head1 SYNOPSIS<br />
<br />
usage: ldap2zm -h host -b 'base' [ options ]<br />
<br />
Switches:<br />
-h LDAP hostname<br />
-b LDAP search base<br />
<br />
Options:<br />
-v enable verbose output<br />
-u username for LDAP bind<br />
-p password for LDAP bind<br />
-f LDAP search filter (default: '(objectclass=*)' )<br />
-l list users found in LDAP search; take no other action<br />
<br />
=head1 DESCRIPTION<br />
<br />
*** WARNING! THIS SCRIPT WILL DESTROY EXISTING MAILBOXES!<br />
<br />
ldap2zm will create accounts in zimbra for every user it finds in the specified LDAP server.<br />
Existing accounts are purged from zimbra at the start of each run, so DO NOT RUN THIS ON A <br />
PRODUCTION ZIMBRA SERVER! Don't say I didn't warn you. :)<br />
<br />
=head1 EXAMPLE<br />
<br />
The following command would create zimbra accounts for all employees of example.com who are members of the <br />
'Zimbra Users' group on the hypothetical Active Directory server 'adserver', using the administrator's <br />
credentials:<br />
<br />
ldap2zm -h adserver -u administrator -p s3cr3t -b "DC=example,DC=com" \ <br />
-f '(memberOf=CN=Zimbra Users,OU=Employees,DC=example,DC=com)'<br />
<br />
=head1 AUTHOR<br />
<br />
Greg Boyington <greg@automagick.us><br />
<br />
=head1 SEE ALSO<br />
<br />
http://wiki.zimbra.com/index.php?title=Bulk_Provisioning<br />
<br />
=cut<br />
<br />
use strict;<br />
use Data::Dumper;<br />
use String::MkPasswd qw(mkpasswd);<br />
use IPC::Open3;<br />
use IO::Select;<br />
use Net::LDAP;<br />
use Getopt::Std;<br />
<br />
$|=1;<br />
<br />
use vars qw/$VERSION $VERBOSE %opt $zmprov_cmd $zmcontrol_cmd/;<br />
<br />
# set up usage info<br />
$VERSION=0.5;<br />
sub main::VERSION_MESSAGE { print $0.', version '.$main::VERSION."\n" }<br />
sub main::HELP_MESSAGE { print "For usage details please run:\n\tperldoc -F $0\n" }<br />
$Getopt::Std::STANDARD_HELP_VERSION = 1;<br />
<br />
# zimbra executables<br />
$zmprov_cmd = '~zimbra/bin/zmprov';<br />
$zmcontrol_cmd = '~zimbra/bin/zmmailboxdctl';<br />
<br />
# ensure the 'zimbra' user is running the show<br />
unless ( ( getpwuid( $< ) )[0] eq 'zimbra' ) {<br />
print "You must run this script as the 'zimbra' user.\n";<br />
exit 1;<br />
}<br />
<br />
# process command-line switches<br />
getopts('vh:u:p:b:f:l',\%opt);<br />
$VERBOSE = $opt{'v'} ? 1 : 0;<br />
die "You must specify your LDAP host with -h.\n"<br />
unless $opt{'h'};<br />
die "You must specify your LDAP base with -b.\n"<br />
unless $opt{'b'};<br />
<br />
unless ( $opt{'f'} ) {<br />
$opt{'f'} = q/(objectclass='*')/;<br />
warn qq/Warning: using default LDAP filter "$opt{'f'}"; override with -f.\n/;<br />
}<br />
<br />
# create the ldap object and bind to the LDAP server<br />
my $ldap = Net::LDAP->new( $opt{'h'} ) or die $@;<br />
my $msg = $ldap->bind( $opt{'u'} ? ( $opt{'u'}, password => $opt{'p'} ) : () );<br />
$msg->code && die $msg->error;<br />
<br />
# get a list of all users in the AD<br />
print "Loading LDAP users...";<br />
my %users = &search( $ldap, base => $opt{'b'}, filter => $opt{'f'} );<br />
print "OK.\n";<br />
<br />
# no users? no work.<br />
if ( ! scalar keys %users ) {<br />
warn "No LDAP users found; aborting.\n";<br />
exit 1;<br />
}<br />
<br />
# pass every user to the gen_zmprov_command() routine to prepare the <br />
# user for a new zimbra account. We also prepare the list of deleteAccount<br />
# commands.<br />
my @lines;<br />
foreach ( sort keys %users ) {<br />
$users{ $_ } = &gen_zmprov_command( user => $users{ $_ } );<br />
push @lines, "da '$users{ $_ }->{'_address'}'\n";<br />
}<br />
<br />
# List the users we found and bail, if the -l command-line switch is on. We do this<br />
# after the passing the results through gen_zmprov_command so we have the _address <br />
# to display.<br />
if ( $opt{'l'} || $VERBOSE ) {<br />
print "The following users will be (re)created in zimbra:\n";<br />
printf '%-40s %s %s'."\n", $users{ $_ }->{'cn'}[0], $users{ $_ }->{'_address'}, $users{ $_ }->{'_password'}<br />
foreach sort keys %users;<br />
}<br />
exit if $opt{'l'};<br />
<br />
# Now we modify zimbra...<br />
<br />
# deprovision existing accounts<br />
print "Deleting existing accounts...";<br />
&zmprov(@lines);<br />
print "OK.\n";<br />
<br />
# restart mailboxd, to force the account cache to be cleared <br />
print "Restarting mailboxd...";<br />
print `$zmcontrol_cmd restart`;<br />
<br />
print "Pausing to allow server restart...";<br />
sleep 3;<br />
print "OK.\n";<br />
<br />
# create new accounts<br />
print "Creating new accounts...";<br />
@lines = map { $users{ $_ }->{'_cmd'} } sort keys %users;<br />
&zmprov(@lines);<br />
print "OK.\nRecreated " . scalar( keys %users ) . " accounts.\n";<br />
<br />
# all done!<br />
exit;<br />
<br />
#<br />
# SUB-ROUTINES <br />
#<br />
<br />
# search( %param_hash )<br />
# <br />
# Execute an LDAP search and return the results as a hash.<br />
#<br />
# Any args to Net::LDAP::search() may be passed as part of %param_hash; <br />
# if it exists, the 'index_attr' param specifies which LDAP attribute to <br />
# use as the key for the resulting %users hash.<br />
# <br />
sub search {<br />
my $ldap = shift;<br />
my %args = @_;<br />
<br />
my $index_attr = delete $args{'index_attr'} || 'userprincipalname';<br />
<br />
# establish some defaults<br />
$args{'attrs'} ||= [ 'cn', 'userPrincipalName', 'memberOf', 'givenName', 'sn' ];<br />
$args{'scope'} ||= 'sub';<br />
<br />
# do the search<br />
my $result = $ldap->search( %args );<br />
<br />
my %users;<br />
<br />
# rejigger the results into a useful format<br />
my $href = $result->as_struct;<br />
foreach ( keys %$href ) {<br />
my $valref = $$href{$_};<br />
my $this;<br />
foreach my $attr ( sort keys %$valref ) {<br />
next if $attr =~ /;binary$/; # ignore any binary data<br />
$this->{ lc $attr } = @$valref{ $attr };<br />
}<br />
<br />
# add this user to the users hash<br />
$users{ $this->{ lc $index_attr }[0] } = $this;<br />
}<br />
<br />
return %users;<br />
}<br />
<br />
# gen_zmprov_command( user => $hashref )<br />
#<br />
# Determine the email address of the zimbra account to <br />
# create for the given LDAP user, and generate a createAccount<br />
# command for zmprov. These are added to the hashref as _address<br />
# and _cmd, respectively, and the whole thing is returned.<br />
#<br />
sub gen_zmprov_command {<br />
my %args = @_;<br />
my $user = delete $args{'user'};<br />
<br />
# we authenticate against AD, so the local zimbra password is irrelevant; <br />
# we'll generate difficult passwords just to be on the safe side.<br />
$user->{'_password'} = mkpasswd( -length => 12 );<br />
<br />
# our AD server manages internal.example.com, but we want email addresses<br />
# to be in the example.com domain, so we fix up the address here. Your <br />
# setup (and AD schema) may vary.<br />
my $address = $user->{'userprincipalname'}[0];<br />
$address =~ s/internal\.//;<br />
<br />
$user->{'_address'} = $address;<br />
<br />
# build the createAccount command to be sent to zmprov.<br />
$user->{'_cmd'} = qq(createAccount '$address' ) . <br />
qq('$user->{'_password'}' ) . <br />
qq(displayName '$user->{'cn'}[0]' ) . <br />
qq(givenName '$user->{'givenname'}[0]' ) . <br />
qq(sn '$user->{'sn'}[0]'\n);<br />
<br />
# return the modified hashref<br />
return $user;<br />
}<br />
<br />
# zmprov( @commands )<br />
# <br />
# execute zmprov and feed it a list of commands<br />
# <br />
sub zmprov {<br />
<br />
# start the zmprov process and capture its filehandles<br />
my $pid = open3(\*WRITE, \*READ, \*ERROR, $zmprov_cmd)<br />
or die "Couldn't open pipe to $zmprov_cmd: $!";<br />
<br />
# use IO::Select to poll zmprov's STDERR<br />
my $sel = new IO::Select(); <br />
$sel->add(\*READ);<br />
$sel->add(\*ERROR);<br />
<br />
# send every command we've been given to zmprov and watch for errors.<br />
foreach ( @_ ) {<br />
<br />
# report what we're doing as we do it, if we're being verbose<br />
print $_ if $VERBOSE;<br />
<br />
# send the command to zmprov<br />
print WRITE $_;<br />
<br />
# watch for a response on STDERR<br />
foreach my $h ( $sel->can_read ) {<br />
my $buf='';<br />
if ( $h eq \*ERROR ) {<br />
<br />
# XXX: should we abort if we get an error?<br />
sysread(ERROR,$buf,4096);<br />
warn "ERROR ( $_ ): $buf\n" if $buf;<br />
}<br />
}<br />
}<br />
<br />
# no zombies<br />
waitpid($pid,1);<br />
}<br />
<br />
</pre><br />
<br />
= Create Aliases =<br />
<br />
== Aliases File to Zmprov ==<br />
<br />
This script will parse a sendmail style aliases file including any aliases that are in an ":include:" directive. If you have appropriate comments in the included file they will be placed in the LDAP attributes of the distribution list object.<br />
<br />
<pre><br />
#!/usr/bin/perl<br />
################################################################################<br />
# $Id: aliases2zmprov,v 1.4 2007/03/07 22:18:56 dlbewley Exp $<br />
#-------------------------------------------------------------------------------<br />
# Description:<br />
# Tool to create commands suitable for zmprov from a unix aliases file.<br />
#<br />
# Handles the case of an :include: construct.<br />
# - Comments in include file are parsed as follows<br />
# - "Foo" goes in LDAP description attribute, "Bar" in the displayname.<br />
# # Description: foo<br />
# # Name: Bar<br />
#<br />
# Handles the case of remote and multiple recipients by making a dist list.<br />
# - A Zimbra alias must be associated with exactly one Zimbra account.<br />
# - A Zimbra distribution list may contain users on remote hosts.<br />
#<br />
# See Also:<br />
# http://wiki.zimbra.com/index.php?title=Bulk_Create<br />
#<br />
# Usage:<br />
# ./aliases2zmprov /etc/aliases 1> aliases.zmp 2> aliases.err<br />
# zmprov < aliases.zmp<br />
#<br />
################################################################################<br />
<br />
my @CNAME_SKIP= qw( ftp news postmaster root webmaster );<br />
my @ALIAS_SKIP= qw( abuse mailer-daemon postmaster );<br />
my $DOMAIN = 'foo.bar.com';<br />
my $SOURCE_HOST = 'mail';<br />
<br />
use File::Basename;<br />
<br />
while(<>) {<br />
chomp;<br />
s/#.*$//; # skip comments<br />
next if /^\s*$/; # skip blank lines<br />
<br />
my ($description,$display_name,@cnames);<br />
my ($alias,$cname) = split(/:/,$_,2);<br />
<br />
$alias =~ s/\s*//g;<br />
# scrutinize the aliases<br />
if (grep /^$alias$/, @ALIAS_SKIP) {<br />
warn "skipping alias $alias -> $cname";<br />
next;<br />
}<br />
<br />
$cname =~ s/\s*//g; # remove all spaces<br />
<br />
# scrutinize the canonical names<br />
if ($cname =~ m/:include:/) {<br />
(($description, $display_name, $cnames_ref) = parse_include($cname)) || next;<br />
@cnames = @{$cnames_ref};<br />
}<br />
if ($cname =~ m/,/) {<br />
# multiple recipients make this a list instead of an alias<br />
@cnames = split(/,/,$cname);<br />
}<br />
<br />
# if more than one cname then it is a dist list<br />
if (length($cnames[0])) {<br />
print "\n";<br />
print "createDistributionList $alias\@$DOMAIN\n";<br />
if ($display_name) {<br />
print "modifyDistributionList $alias\@$DOMAIN displayname \"$display_name\"\n";<br />
$display_name = undef;<br />
}<br />
if ($description) {<br />
print "modifyDistributionList $alias\@$DOMAIN description \"$description\"\n";<br />
$description = undef;<br />
}<br />
foreach my $member (@cnames) {<br />
# skip aliases to certain users<br />
if (grep /^$member$/, @CNAME_SKIP) {<br />
warn "skipping cname $member <- $alias";<br />
next; # go to next member<br />
}<br />
# A Zimbra distribution list may contain users on remote hosts.<br />
if ($member =~ m/\@/) {<br />
print "addDistributionListMember $alias\@$DOMAIN $member\n";<br />
} else {<br />
print "addDistributionListMember $alias\@$DOMAIN $member\@$DOMAIN\n";<br />
}<br />
}<br />
print "\n";<br />
@cnames=();<br />
next; # go to next line of aliases file<br />
} <br />
<br />
# skip aliases to certain users<br />
if (grep /^$cname$/, @CNAME_SKIP) {<br />
warn "skipping cname $cname <- $alias";<br />
next;<br />
}<br />
if ($cname =~ m/\/|\|/) {<br />
# alias to a file or a program. don't try to accomodate<br />
warn "WARNING skipping cname $cname <- $alias it is a file or pipe";<br />
next;<br />
}<br />
<br />
# A Zimbra alias must be associated with exactly one Zimbra account.<br />
if ($cname =~ m/\@/) {<br />
# alias to remote host. this could be created as a dist list with 1 member<br />
# that seems undersirable though.<br />
print "\n";<br />
print "createDistributionList $alias\@$DOMAIN\n";<br />
print "addDistributionListMember $alias\@$DOMAIN $cname\n";<br />
print "\n";<br />
next; # go to next line of aliases file<br />
}<br />
<br />
# are we sure that account $cname\@$DOMAIN exists?<br />
print "addAccountAlias $cname\@$DOMAIN $alias\@$DOMAIN\n";<br />
}<br />
<br />
# read an included alias file. commens with Name: and Description:<br />
# are placed into LDAP attributes for the list<br />
sub parse_include {<br />
my $cname = shift;<br />
my @cnames;<br />
# need to pull in contents of file and make a dist<br />
# list instead of an alias<br />
my $fullfile = $cname;<br />
$fullfile =~ s/:include://;<br />
my ($file,$path) = fileparse($fullfile);<br />
if (! -e $file) {<br />
warn "WARNING skipping $alias -> $cname Please run 'scp $SOURCE_HOST:$fullfile .'";<br />
return; # go to next line of aliases file<br />
} else {<br />
# process include file<br />
open(F,$file) || warn "Can not read $file";<br />
while (<F>) {<br />
chomp;<br />
(m/#\s*Department:*\s*(.*)/) && ($ou = $1); # can't make use of this in zmprov mdl :(<br />
if (m/#\s*Description:*\s*(.*)/) {<br />
$description = $1;<br />
$description =~ s/"/'/g; # don't blow our command line<br />
}<br />
if (m/#\s*Name:*\s*(.*)/) {<br />
$display_name = $1;<br />
$display_name =~ s/"/'/g; # don't blow our command line<br />
}<br />
s/#.*$//; # skip comments<br />
next if /^\s*$/; # skip blank lines<br />
push @cnames, $_;<br />
}<br />
}<br />
return $description, $display_name, \@cnames;<br />
}<br />
# example data<br />
__DATA__<br />
admin: root<br />
dudes: me,you<br />
postmaster: sarah<br />
wsu: :include:/etc/mail/lists/wsu.list<br />
jon.doe: jdoe<br />
</pre><br />
<br />
* ''Tip - Put a comma at the end of the line in the aliases file if you want to make a distribution list with one member instead of an alias! Useful if you plan on adding more members later.''<br />
<br />
= Remove Accounts =<br />
<br />
Here is a script that can be used to remove all accounts and distribution lists, save for accounts you specify. By default it leaves the admin account, the wiki account, and the ham and spam accounts.<br />
<br />
<pre><br />
#!/bin/bash<br />
################################################################################<br />
# $Id: deprovision,v 1.2 2007/02/18 20:41:43 dlbewley Exp $<br />
#-------------------------------------------------------------------------------<br />
# Description:<br />
# Script to remove all Zimbra accounts and distribution lists.<br />
# This may be useful for getting back to square one if you are testing bulk <br />
# provisioning during a migration.<br />
#<br />
# See Also:<br />
# http://wiki.zimbra.com/index.php?title=Bulk_Create<br />
#<br />
# Usage:<br />
# su - zimbra<br />
# ./deprovision > deprovision.zmp<br />
# zmprov < deprovision.zmp<br />
#<br />
################################################################################<br />
<br />
# this will be passed to grep -vE which acts as an exclude list<br />
KEEP_ACCOUNTS='^(admin@|ham\.|spam\.|wiki@)'<br />
# this will be passed to grep -vE which acts as an exclude list<br />
KEEP_LISTS=''<br />
# files to hold distlist and account lists<br />
ACCOUNTS='accounts.zmprov'<br />
LISTS='distlists.zmprov'<br />
<br />
TMPA=`mktemp "$ACCOUNTS.XXXXXX"`<br />
TMPL=`mktemp "$LISTS.XXXXXX"`<br />
<br />
# get accounts lists<br />
zmprov gaa > "$TMPA"<br />
if [ -n "$KEEP_ACCOUNTS" ]; then<br />
grep -vE "$KEEP_ACCOUNTS" "$TMPA" > "$ACCOUNTS"<br />
rm "$TMPA"<br />
else<br />
mv "$TMPA" "$ACCOUNTS"<br />
fi<br />
<br />
# get distribution lists<br />
zmprov gadl > "$TMPL"<br />
if [ -n "$KEEP_LISTS" ]; then<br />
grep -vE "$KEEP_LISTS" "$TMPL" > "$LISTS"<br />
rm "$TMPL"<br />
else<br />
mv "$TMPL" "$LISTS"<br />
fi<br />
<br />
# remove accounts<br />
cat "$ACCOUNTS" | while read account; do<br />
echo "da $account"<br />
done<br />
<br />
# remove lists<br />
cat "$LISTS" | while read list; do<br />
echo "ddl $list"<br />
done<br />
</pre><br />
<br />
{{Article_Footer|unknown|4/3/2006}}<br />
<br />
[[Category:OSX]]</div>Tfournet